There is no organization, whether public or private, that is safe from cyberattacks. This time, a team of web application security experts reported on a ransomware attack that has compromised the systems of PerCSoft, an information backup services company based in Wisconsin.
Among the company’s top customers is Digital Dental Record (DDR), which operates an online data backup service called DDS Safe, where medical records, insurance information, clinical histories and other data gathered by hundreds of dental offices throughout the U.S. are stored.
Although the number of dental practices affected is still unknown, web application security experts say that not all practices that depend on DDS Safe have been compromised. The incident reportedly occurred last Monday and was detected almost immediately after the information was encrypted.
The company has not issued official statements about the incident, but a Wisconsin government official mentioned that the incident, a ransomware attack, encrypted the files of nearly 500 dental offices in the state, adding that the information of about 100 of the company’s customers has already been recovered. “We still don’t know if the company decided to pay the ransom, nor the amount demanded by the hackers; the malware variant used in this attack has also not been identified,” she said.
Thanks to the most recent posts on the company’s Facebook page, web application security experts discovered some details about the incident recovery process: both PerCSoft and DDR hired the services of a security company that is working on recovering the files encrypted by the ransomware.
However, conflicting versions continue to appear, as some users in Facebook groups dedicated to cybersecurity claim that the company decided to pay the ransom to restore access to the compromised information as soon as possible. In addition, a supposed conversation between one of the affected practices and a PerCSoft executive was leaked; in the chat, the executive informs the client about the company’s decision to pay the ransom. In the conversation, dental office managers are concerned about having to cover the costs of the incident, to which the company executive answers: “We will pay the ransom.”
Furthermore, a leaked screenshot of one of the infected machines shows that the malware employed by the operators of this attack is a newly detected and highly dangerous variant known as REvil or Sodinokibi. Official confirmation from the company is still pending.
Web application security experts collaborating with organizations such as the FBI and the International Institute of Cyber Security (IICS) advise victims of these attacks not to give in to the demands or threats of hackers, as this only benefits the attackers and the risk of losing the compromised information remains. However, an increase in the number of victims who decide to pay the ransom has been detected, as they are looking to quickly restore their operations and avoid a potentially long and costly data recovery process.